Understanding a domain & subdomain
To better understand what a Wildcard SSL Certificate is, you will need to understand the difference between a domain & subdomain.
A domain is a website address. An example is “trustico.com”, whenever you enter an address to go a website, you will always need a domain to do so. To create a website, you will need to purchase a domain and whenever a customer needs to access your site, they will use your domain to do so.
A subdomain is a website that is owned by a domain but is separate to the website itself. Subdomains have many functions and uses, and a lot of e-commerce businesses make use of them. An example of a subdomain is “secure.trustico.com” A subdomain is created by using a dot “.” before the domain with a set of words (In our example “secure”). A subdomain can be an entirely different website to the domains website.
At Trustico®, we have our website “trustico.com”, when a customer is placing an order, the customer is redirected to “order.trustico.com”. This website is separate to our website as it allows the customer to place an order, manage their profile and purchases.
The above images display the examples of a subdomain along with the domain itself. Subdomains can be many levels deep as you will notice further on in this article.
What is a Wildcard SSL Certificate?
A Wildcard SSL Certificate is designed to secure an unlimited number of subdomains of the domain name it is purchased for. The SSL Certificate will be issued to *.yourdomain.com for example. The * is then used and replaced with the subdomain when installed on your server. A Wildcard SSL Certificate will only secure the single level it is purchased for.
The asterisk ‘*’ means “all”
What will the Wildcard SSL Certificate Secure?
If you request your SSL Certificate for *.trustico.com, you can then secure the following examples (but not limited to):
You will notice the above subdomains are only of the one level and the * is replaced with the subdomain. The SSL Certificate issued to *.trustico.com.au, will not secure for example:
These are not of the level purchased for and considered another level above.
If you purchased the SSL Certificate for *.www.trustico.com.au then you would be able to secure the following examples (but not limited to):
You will notice that all the above include www.trustico.com and the * only is replaced with the subdomain. You will also notice that www.trustico.com is not listed as being secured. This is because www.trustico.com is not a root domain name. It is a subdomain of the root domain name “trustico.com.au”. “trustico.com.au” is also not secured as it is not of the level purchased for.
The root domain name will only be included in the purchase of the SSL Certificate when a first level subdomain wildcard is purchased.
What do I need to include in the CSR?
As given in the examples above, when you generate the CSR on your server you need to make sure that the SSL Certificate is purchased for the exact level you need to secure and for the exact domain name. When creating a Wildcard CSR, the only difference between a single domain SSL Certificate and the Wildcard SSL Certificate is that you include an asterisk (*) at the beginning of the domain name to stipulate that you want the SSL Certificate purchased for wildcard instead of a single domain name.
www.trustico.com will only have the SSL Certificate issued to the specified domain name www.trustico.com.
*.trustico.com.au will not only protect the root domain (trustico.com.au), but also anything before the dot “.”
I need to install my Wildcard on an unlimited number of servers
All Wildcard SSL Certificates purchased through Trustico® come with an unlimited number of server licenses.
What does this mean?
This means that you can install the SSL Certificate issued on an unlimited number of physical servers at the same time with no disruption to any of the other installations. If you have your subdomains installed on 6 individual different servers in different locations, no problems. You can install the one SSL Certificate on all servers.
What are the benefits/advantages of a Wildcard SSL Certificate?
- Cheaper: Wildcard SSL Certificates are big money savers. When you have a number of subdomains that need to be secured it can get costly purchasing an individual SSL Certificate for each individual subdomain. (Not only that, but the server costs in regard to individual IP addresses for each individual SSL Certificate and domain name pair needs to be considered as well.) A Wildcard SSL Certificate covers all your subdomains, removing the cost of individual SSL Certificates for each subdomain. Additionally, it allows you to have all subdomains using a single IP address.
- Easier Management: Management of the SSL Certificate should also be considered. With installation, if all subdomains are on a single machine it would require only a single installation of the one SSL Certificate. If you purchased one SSL Certificate for each subdomain, each individual SSL Certificate needs to be installed on your server, taking up time that could be spent on something else important. When it comes to renewal time of the SSL Certificate, you only need to secure a single SSL Certificate, again saving your time and money.
How do I install a Wildcard SSL Certificate?
There is no difference between installing a Wildcard SSL Certificate on your server than installing an SSL Certificate issued for a single domain name. That is why you will notice no installation instructions for your server type for the installation of just a wildcard SSL Certificate.
It is highly recommended that you refer to your server manual on the correct way to install an SSL Certificate (Reviewing the steps should be done before installation to make sure that you are installing the SSL Certificate correctly the first time.)
Trustico® provides installation instructions for most major server types.
Mobile device compatibility for Wildcards
Mobile device in the past have had problems working with Wildcard SSL Certificates. As the Wildcard symbol the asterisk (*) wasn’t recognized. Most modern mobile devices now support Wildcard SSL Certificates and Wildcard SSL Certificates are issued with 99.9% browser ubiquity. If you have questions about using mobile devices with a Wildcard SSL Certificate, contact Trustico® customer support through our website Live Chat or Telephone to speak to our highly trained agents about other options available for you if a Wildcard SSL Certificate is not suitable for your needs.
Domain Validated Wildcards (DV)
The following products are Domain Validated Wildcard Certificates:
This means that these SSL Certificates are issued within minutes, the only Validation requirement is via email – Refer to Validation Requirements for DV SSL Certificates
The major thing you do need to be aware of is that these SSL Certificates are only validated for your domain name, this means that only your domain name will be included in the SSL Certificate. There will be no company information in the SSL Certificate at all.
DV SSL Certificate Recommendations
The domain Vetted Wildcard SSL Certificates are perfect for that start up business with low level transactions or visitors to their website, or for internal use when company information in the SSL Certificate is not needed.
Organization Validated Wildcards (OV)
The following products are Organisation Validated Wildcard SSL Certificates:
These SSL Certificates issued are of the highest level, you can’t get any better. As mentioned previously, DV SSL Certificates only require validating the domain and the owner of the domain. OV SSL Certificates are issued to your domain name and company. This means that your company details will be listed in the SSL Certificate and the site seal issued with the SSL Certificate.
This adds that high level of Trust to your customers and website. Stating that not only is your website and domain name safe to purchase from, but it also proves that you are a legitimate company that is registered within your country.
OV SSL Certificate Recommendations
Everyone using a Wildcard SSL Certificate on a public facing website or e-commerce website should purchase an Organisation Validated (OV) level SSL Certificate. It is important that you instill the trust of not only your domain name and website but your company as well. Your clients will be able to see your company details in the SSL Certificate meta-data.